
    EdgeRouter not handing out addresses on VLAN

    • Mike Davis

      I have an EdgeRouter Lite that is not handing out DHCP addresses on VLAN 80. Does anyone see an issue in the config as to why that would be?

      ubnt@ubnt:~$ show configuration
      firewall {
          all-ping enable
          broadcast-ping disable
          ipv6-receive-redirects disable
          ipv6-src-route disable
          ip-src-route disable
          log-martians enable
          name WAN_IN {
              default-action drop
              description "WAN to internal"
              rule 10 {
                  action accept
                  description "Allow established/related"
                  state {
                      established enable
                      related enable
                  }
              }
              rule 20 {
                  action drop
                  description "Drop invalid state"
                  state {
                      invalid enable
                  }
              }
          }
          name WAN_LOCAL {
              default-action drop
              description "WAN to router"
              rule 10 {
                  action accept
                  description "Allow established/related"
                  state {
                      established enable
                      related enable
                  }
              }
              rule 20 {
                  action drop
                  description "Drop invalid state"
                  state {
                      invalid enable
                  }
              }
          }
          receive-redirects disable
          send-redirects enable
          source-validation disable
          syn-cookies enable
      }
      interfaces {
          ethernet eth0 {
              address dhcp
              description Internet
              duplex auto
              firewall {
                  in {
                      name WAN_IN
                  }
                  local {
                      name WAN_LOCAL
                  }
              }
              speed auto
          }
          ethernet eth1 {
              address 192.168.1.1/24
              description Local
              duplex auto
              speed auto
              vif 80 {
                  address 192.168.80.1/24
                  description guestInternet
                  mtu 1500
              }
          }
          ethernet eth2 {
              address 192.168.2.1/24
              description "Local 2"
              duplex auto
              speed auto
          }
          loopback lo {
          }
      }
      service {
          dhcp-server {
              disabled false
              hostfile-update disable
              shared-network-name GuestInternet {
                  subnet 192.168.80.0/24 {
                      default-router 192.168.80.1
                      dns-server 8.8.8.8
                      dns-server 4.2.2.2
                      start 192.168.80.10 {
                          stop 192.168.80.250
                      }
                  }
              }
              shared-network-name LAN1 {
                  authoritative enable
                  subnet 192.168.1.0/24 {
                      default-router 192.168.1.1
                      dns-server 192.168.1.3
                      lease 86400
                      start 192.168.1.38 {
                          stop 192.168.1.243
                      }
                  }
              }
          }
          dns {
              forwarding {
                  cache-size 150
                  listen-on eth1
                  listen-on eth2
              }
          }
          gui {
              https-port 443
          }
          nat {
              rule 5010 {
                  description "masquerade for WAN"
                  outbound-interface eth0
                  type masquerade
              }
          }
          ssh {
              port 22
              protocol-version v2
          }
      }
      system {
          host-name ubnt
          login {
              user ubnt {
                  authentication {
                      encrypted-password ****************
                  }
                  level admin
              }
          }
          ntp {
              server 0.ubnt.pool.ntp.org {
              }
              server 1.ubnt.pool.ntp.org {
              }
              server 2.ubnt.pool.ntp.org {
              }
              server 3.ubnt.pool.ntp.org {
              }
          }
          syslog {
              global {
                  facility all {
                      level notice
                  }
                  facility protocols {
                      level debug
                  }
              }
          }
          time-zone UTC
      }
      ubnt@ubnt:~$
      

      I know I don't have the rules in yet to block subnet to subnet traffic. On my EdgeSwitch, I have port 2 untagged on VLAN 80, and excluded on VLAN 1. Port 2 is connected to the computer. On port 24, I have VLAN 1 untagged, and VLAN 80 tagged. If I statically configure an address on 192.168.80.0/24 I can route out to the internet and ping the other subnet. If I statically configure an address on 192.168.1.0/24, I can't ping anything, so it seems like it's on the VLAN, it's just that DHCP isn't working on that VLAN.

      • JaredBusch

        Here is the config at one client.

        Interfaces

        set interfaces ethernet eth1 address 10.202.1.1/23
        set interfaces ethernet eth1 description 'FSL LAN'
        set interfaces ethernet eth1 duplex auto
        set interfaces ethernet eth1 firewall in name LAN_IN
        set interfaces ethernet eth1 firewall local name LAN_LOCAL
        set interfaces ethernet eth1 speed auto
        set interfaces ethernet eth1 vif 10 address 10.202.10.1/24
        set interfaces ethernet eth1 vif 10 description 'Guest Wireless'
        set interfaces ethernet eth1 vif 10 firewall in name Public_WiFi_IN
        set interfaces ethernet eth1 vif 10 firewall local name Public_WiFi_LOCAL
        set interfaces ethernet eth1 vif 10 mtu 1500
        

        DHCP

        set service dhcp-server disabled false
        set service dhcp-server hostfile-update enable
        set service dhcp-server shared-network-name FSL_LAN authoritative disable
        set service dhcp-server shared-network-name FSL_LAN disable
        set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 default-router 10.202.1.1
        set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 dns-server 10.202.1.1
        set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 lease 28800
        set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 start 10.202.0.100 stop 10.202.1.249
        set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 unifi-controller 207.244.223.13
        set service dhcp-server shared-network-name Guest_WiFi authoritative disable
        set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 default-router 10.202.10.1
        set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 dns-server 10.202.10.1
        set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 lease 14400
        set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 start 10.202.10.30 stop 10.202.10.200
        set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 unifi-controller 207.244.223.13
        set service dhcp-server static-arp disable
        set service dhcp-server use-dnsmasq disable
        
        • JaredBusch

          Are you sure you have your switch set up right?

          What is port 24 plugged into?

          Which port were you plugged into with the manual config that worked?

          • Mike Davis @JaredBusch

            @jaredbusch Port 24 on the switch is plugged in to the EdgeRouter Eth1.

            • Mike Davis @JaredBusch

              @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

              Which port were you plugged into with the manual config that worked?

              Same ports for everything.

              • JaredBusch

                Keep the switch out of the picture.

                Plug something into eth1 directly. Does it pull DHCP on VLAN 1?

                Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?

                • JaredBusch @Mike Davis

                  @mike-davis said in EdgeRouter not handing out addresses on VLAN:

                  @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

                  Which port were you plugged into with the manual config that worked?

                  Same ports for everything.

                  That is not the correct answer.

                  • Mike Davis @JaredBusch

                    @jaredbusch good idea. Forgot I could force something to a VLAN.

                    • Mike Davis @JaredBusch

                      @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

                      Plug something into eth1 directly. Does it pull DHCP on VLAN 1?
                      Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?

                      Did this and not getting an IP. Doing the old stare and compare with your config to see what is different.

                      • JaredBusch @Mike Davis

                        @mike-davis said in EdgeRouter not handing out addresses on VLAN:

                        @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

                        Plug something into eth1 directly. Does it pull DHCP on VLAN 1?
                        Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?

                        Did this and not getting an IP. Doing the old stare and compare with your config to see what is different.

                        My LAN scope is disabled in that. It is only there for failover if the Windows AD server with all the roles fails.

                        • JaredBusch

                          You can also tell your switch to use VLAN 80 to get its IP for management. Not sure where. Not logged into an ES atm.

                          • Mike Davis @JaredBusch

                            @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

                            My LAN scope is disabled in that. It is only there for failover if the Windows AD server with all the roles fails.

                            That explains this line:

                            set service dhcp-server shared-network-name FSL_LAN disable
                            

                            What about this:

                            set service dhcp-server shared-network-name FSL_LAN authoritative disable
                            
                            • Mike Davis @Mike Davis

                              @mike-davis said in EdgeRouter not handing out addresses on VLAN:

                              What about this:
                              set service dhcp-server shared-network-name FSL_LAN authoritative disable

                              That was it. Thanks @JaredBusch - you the man.

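The "stare and compare" between the two posted configurations can be scripted. The following is an added example, not code from any poster in this thread: it reads `set`-style lines like those in JaredBusch's reply and, for each static interface address, reports the matching DHCP scope, whether that scope is enabled, and its `authoritative` setting. The `audit` function is hypothetical, and the sample is the original poster's values rewritten by hand into `set` form.

```python
import ipaddress
import shlex

# Constructed sample: the original poster's interface and DHCP settings,
# rewritten by hand into the 'set' form used in JaredBusch's reply.
SAMPLE = """\
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 vif 80 address 192.168.80.1/24
set interfaces ethernet eth2 address 192.168.2.1/24
set service dhcp-server shared-network-name GuestInternet subnet 192.168.80.0/24 start 192.168.80.10 stop 192.168.80.250
set service dhcp-server shared-network-name LAN1 authoritative enable
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.38 stop 192.168.1.243
"""

def audit(commands):
    """Return (interface, subnet, scope, enabled, authoritative) per static address."""
    addrs, scopes, auth, off = [], {}, {}, set()
    for line in commands.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["set", "interfaces"] and len(tok) > 5:
            name, rest = tok[3], tok[4:]
            if rest[0] == "vif":  # VLAN sub-interface, reported as e.g. eth1.80
                name, rest = f"{name}.{rest[1]}", rest[2:]
            if rest[:1] == ["address"] and len(rest) > 1 and "/" in rest[1]:
                # 'address dhcp' has no local subnet and is skipped
                addrs.append((name, ipaddress.ip_interface(rest[1]).network))
        elif tok[:4] == ["set", "service", "dhcp-server", "shared-network-name"]:
            scope, rest = tok[4], tok[5:]
            if rest[:1] == ["authoritative"] and len(rest) > 1:
                auth[scope] = rest[1]
            elif rest == ["disable"]:
                off.add(scope)
            elif rest[:1] == ["subnet"] and len(rest) > 1:
                scopes[ipaddress.ip_network(rest[1])] = scope
    rows = []
    for name, net in addrs:
        scope = scopes.get(net)  # None means no DHCP scope covers this subnet
        enabled = scope is not None and scope not in off
        rows.append((name, str(net), scope, enabled,
                     auth.get(scope, "unset") if scope else None))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

On the sample, the VLAN 80 row shows `authoritative` as `unset` while LAN1 shows `enable`, and eth2 has no scope at all.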